From owner-freebsd-security  Mon Aug 20  2:50:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mout1.freenet.de (mout1.freenet.de [194.97.50.132])
	by hub.freebsd.org (Postfix) with ESMTP id DA92D37B401
	for <freebsd-security@freebsd.org>; Mon, 20 Aug 2001 02:50:29 -0700 (PDT)
	(envelope-from Alexander@leidinger.net)
Received: from [194.97.50.138] (helo=mx0.freenet.de)
	by mout1.freenet.de with esmtp (Exim 3.32 #1)
	id 15YlhU-00050L-00; Mon, 20 Aug 2001 11:50:28 +0200
Received: from b849d.pppool.de ([213.7.132.157] helo=Magelan.Leidinger.net)
	by mx0.freenet.de with esmtp (Exim 3.32 #1)
	id 15YlhT-000589-00; Mon, 20 Aug 2001 11:50:28 +0200
Received: from Leidinger.net (netchild@localhost [127.0.0.1])
	by Magelan.Leidinger.net (8.11.5/8.11.5) with ESMTP id f7K9QiG03818;
	Mon, 20 Aug 2001 11:26:45 +0200 (CEST)
	(envelope-from netchild@Leidinger.net)
Message-Id: <200108200926.f7K9QiG03818@Magelan.Leidinger.net>
Date: Mon, 20 Aug 2001 11:26:43 +0200 (CEST)
From: Alexander Leidinger <Alexander@Leidinger.net>
Subject: Re: Code Red is from default setup
To: bright@mu.org
Cc: wkb@freebie.xs4all.nl, Danny.Carroll@mail.ing.nl,
	freebsd-security@FreeBSD.ORG
In-Reply-To: <20010820021249.A81307@elvis.mu.org>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 20 Aug, Alfred Perlstein wrote:

>> This is *FreeBSD* security, not MickeySoft latest bugs..
> 
> Agreed.  Although it would be amusing to detect default.ida requests
> and reply with a similar request the difference being that the reply
> one reboots/shuts-down the infected box.
> 
> I'm suprised no one has suggested crafting such a tool.

http://www.onlamp.com/lpt/a//apache/2001/08/16/code_red.html

No, it didn't reboots the infected box, but...

Bye,
Alexander.

-- 
                      Loose bits sink chips.

http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message